Full Time: Application Security Engineer at GitHub in San Francisco or Remote

GitHub is changing the way the world builds software and we want you to help change the way we build and secure GitHub.

We are looking for an Application Security Engineer with a strong development and application assessment background who will focus on identifying and remediating vulnerabilities throughout the development process.

As an Application Security Engineer at GitHub you will focus on securing our libraries and applications written in Ruby on Rails and other languages that help power our platform.

You will work with developers to quickly identify and fix vulnerabilities through manual review, automated security analysis, and the GitHub Bug Bounty program.

Your responsibilities will include:


Performing security assessments of existing and newly developed GitHub features and services
Clearly communicating identified vulnerabilities and identifying new assessment techniques or features to prevent them in the future
Triaging submissions and helping run the GitHub Bug Bounty program
Consulting with developers to identify and address security architecture problems with existing and future applications
Leveraging automated security analysis integrated within our development workflow and working to improve the accuracy and coverage of these tools


The minimum qualifications are:


Significant experience in the security assessment of web applications
Strong understanding of common and uncommon web application vulnerabilities and mitigations
Familiarity with modern web security features such as Content Security Policy, Subresource Integrity, and same-site cookies
Familiarity with or eagerness to learn about security vulnerabilities specific to Ruby on Rails


Bonus points if you have:


Experience with Ruby on Rails static analysis tools such as Brakeman
Familiarity with Git and GitHub
Experience assessing applications utilizing GraphQL and React
Experience assessing applications implementing SAML, OAuth, or JSON Web Token authentication
Linux and system security experience


GitHub is committed to building a diverse workforce and strongly encourages applications from people of color and other groups currently underrepresented in tech.

We are looking for candidates who:


Display a strong commitment to building an inclusive tech environment
Have demonstrated resilience and resourcefulness both in and outside of the workplace
Can bring a new perspective based on unique educational, professional, and lived experiences
Can effectively communicate with people from disparate backgrounds
Have experience mentoring/coaching/teaching, particularly in environments with diverse students/participants


WHO WE ARE

GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers.

Over ten million people use GitHub to build amazing things together.

With the collaborative features of GitHub.com, our desktop and mobile apps, and GitHub Enterprise, it has never been easier for individuals and teams to write better code, faster.

We have a lot of exciting things to do, and we’re looking for the right people to grow with us!

WHY YOU SHOULD JOIN

Working at GitHub is, to put it simply, a special slice of the universe.

We're committed to transparency, collaboration, experimentation, and always staying classy.

Because of this unique perspective, we've established one of the most flexible and well designed physical workspaces around that encourages you to work as you work best.

Right now, over 60% of our employees are based outside of our San Francisco (SOMA) headquarters and work according to how they get their best stuff done.

Ensuring that GitHubbers are healthy, motivated, focused and creative is how GitHub stays awesome.

Part of this is ensuring that our benefits

* are out of this world.

In a nutshell, we've built and are growing a place where we truly love working, and we think you will too.

GitHub is made up of people with many different backgrounds and lifestyles, and we like it that way.

We invite applications from people of all stripes.

We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, pregnancy status, veteran status, or any other differences that people imagine to discriminate against one another.

Also, if you have a disability, please let us know if there's anything we can do to make the interview process better for you; we're happy to accommodate.

Please note that benefits vary by country, if you have any questions don't hesitate to ask your recruiter

Apply

Source: GitHub:Jobs